<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Top 10 Security Precautions when using Social Networking Sites</title>
	<atom:link href="http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=top-10-security-precautions-social-networking-sites</link>
	<description>Brought to you by GFI Software</description>
	<lastBuildDate>Fri, 13 Sep 2013 13:27:20 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	
	<item>
		<title>By: Emmanuel Carabott</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-14291</link>
		<dc:creator>Emmanuel Carabott</dc:creator>
		<pubDate>Wed, 24 Nov 2010 13:26:25 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-14291</guid>
		<description><![CDATA[@Paul, 

What you&#039;re saying is true; however, you must consider 2 other scenarios that you have overlooked. 

1. What if the employee finds a way around the employer&#039;s technical enforcement and still accesses prohibited sites without the employer finding out?

2. (more likely) What about the employee&#039;s access during his free time outside of work? What if an employee has the bad habit of using the same password everywhere and signs up for some malicious application using the same password which he uses to access the corporate network?

Employees who are not technical can place your network in jeopardy not only when they&#039;re at work but everywhere and at any time. In my opinion neglecting to educate employees because they&#039;re only allowed to access the Internet for strict work related purposes is in itself a security risk.]]></description>
		<content:encoded><![CDATA[<p>@Paul, </p>
<p>What you&#8217;re saying is true; however, you must consider 2 other scenarios that you have overlooked. </p>
<p>1. What if the employee finds a way around the employer&#8217;s technical enforcement and still accesses prohibited sites without the employer finding out?</p>
<p>2. (more likely) What about the employee&#8217;s access during his free time outside of work? What if an employee has the bad habit of using the same password everywhere and signs up for some malicious application using the same password which he uses to access the corporate network?</p>
<p>Employees who are not technical can place your network in jeopardy not only when they&#8217;re at work but everywhere and at any time. In my opinion neglecting to educate employees because they&#8217;re only allowed to access the Internet for strict work related purposes is in itself a security risk.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Paul</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-10165</link>
		<dc:creator>Paul</dc:creator>
		<pubDate>Mon, 20 Sep 2010 11:32:07 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-10165</guid>
		<description><![CDATA[The 10 precautions listed in the opening argument of this article would have no relevance to an employer who has set down the law before an employee joins. The company pays you to work on a structured network of their choosing. Any violation of that trust is deemed a sackable offense on the spot with some of my clients. Collect your things and don&#039;t come back. The IT professionals in charge do not have the time to waste with idiots that do not understand the implications of their actions upon the security of the company&#039;s data network. Work is for work, social networking sites are not. Who gives a proverbial if you whine and moan about not having &quot;your&quot; sites available. The company&#039;s data is more important, without it you don&#039;t have a job. 
Any IT professional will tell you, they lock down user privileges to what is usable, and nothing more, this includes social sites.
If they don&#039;t, they will be looking for another job.
Time for people to grow up and realize that they are at work to work.]]></description>
		<content:encoded><![CDATA[<p>The 10 precautions listed in the opening argument of this article would have no relevance to an employer who has set down the law before an employee joins. The company pays you to work on a structured network of their choosing. Any violation of that trust is deemed a sackable offense on the spot with some of my clients. Collect your things and don&#8217;t come back. The IT professionals in charge do not have the time to waste with idiots that do not understand the implications of their actions upon the security of the company&#8217;s data network. Work is for work, social networking sites are not. Who gives a proverbial if you whine and moan about not having &#8220;your&#8221; sites available. The company&#8217;s data is more important, without it you don&#8217;t have a job.<br />
Any IT professional will tell you, they lock down user privileges to what is usable, and nothing more, this includes social sites.<br />
If they don&#8217;t, they will be looking for another job.<br />
Time for people to grow up and realize that they are at work to work.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Emmanuel Carabott</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-9078</link>
		<dc:creator>Emmanuel Carabott</dc:creator>
		<pubDate>Fri, 13 Aug 2010 12:36:09 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-9078</guid>
		<description><![CDATA[Damon B

Indeed a lot of people who aren&#039;t security aware tend to use the same password everywhere. Sometimes because they don&#039;t know better and sometimes it&#039;s because they&#039;re afraid if they choose something new they&#039;re going to forget it and so they use the same old password which they know well. 

@ Elizabeth

That is certainly something to be expected. As I mentioned above when one chooses a password, especially when they don&#039;t have an IT Background, they will think about something which they will not forget. This is generally related to what they love the most. It&#039;s actually amazing that she mixed her pet&#039;s name with her birth year as I bet most of the time you would simply get pet names without additional detail as the additional detail would make the password harder to remember. In any case excellent work in getting your co-worker to strengthen her password!]]></description>
		<content:encoded><![CDATA[<p>Damon B</p>
<p>Indeed a lot of people who aren&#8217;t security aware tend to use the same password everywhere. Sometimes because they don&#8217;t know better and sometimes it&#8217;s because they&#8217;re afraid if they choose something new they&#8217;re going to forget it and so they use the same old password which they know well. </p>
<p>@ Elizabeth</p>
<p>That is certainly something to be expected. As I mentioned above when one chooses a password, especially when they don&#8217;t have an IT Background, they will think about something which they will not forget. This is generally related to what they love the most. It&#8217;s actually amazing that she mixed her pet&#8217;s name with her birth year as I bet most of the time you would simply get pet names without additional detail as the additional detail would make the password harder to remember. In any case excellent work in getting your co-worker to strengthen her password!</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Elizabeth Sams</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-8987</link>
		<dc:creator>Elizabeth Sams</dc:creator>
		<pubDate>Wed, 11 Aug 2010 12:39:01 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-8987</guid>
		<description><![CDATA[As utterly ridiculous as number 4 sounds, I’ve actually come across a co-worker who had been proven guilty of something like this. Granted she doesn’t have any IT background whatsoever, and is one of the most lax individuals when it comes to internet security, we managed to open up her different social networking profiles by using her pet’s name mixed with her birth year as the password. 

Her love for her dog was quite obvious, and she would not let a day go by without telling us his name. It took us about three tries to crack the code, but we made sure to tell her about it afterwards. I can’t imagine what would’ve happened if someone with more malicious intentions got a hold of that kind of information.]]></description>
		<content:encoded><![CDATA[<p>As utterly ridiculous as number 4 sounds, I’ve actually come across a co-worker who had been proven guilty of something like this. Granted she doesn’t have any IT background whatsoever, and is one of the most lax individuals when it comes to internet security, we managed to open up her different social networking profiles by using her pet’s name mixed with her birth year as the password. </p>
<p>Her love for her dog was quite obvious, and she would not let a day go by without telling us his name. It took us about three tries to crack the code, but we made sure to tell her about it afterwards. I can’t imagine what would’ve happened if someone with more malicious intentions got a hold of that kind of information.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Matthew Cheng</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-8984</link>
		<dc:creator>Matthew Cheng</dc:creator>
		<pubDate>Wed, 11 Aug 2010 12:16:25 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-8984</guid>
		<description><![CDATA[@Karrie Albert

I think the same can be said about Twitter. With a lot of third party websites allowing a whole array of different services, a lot of Twitter users are jumping on the bandwagon, giving these sites unrestricted access to their accounts. And if these suspicious sites can retrieve your password information and link it to your other social networking profiles, you just willingly gave out full-access to your entire online identity by clicking “Accept.”]]></description>
		<content:encoded><![CDATA[<p>@Karrie Albert</p>
<p>I think the same can be said about Twitter. With a lot of third party websites allowing a whole array of different services, a lot of Twitter users are jumping on the bandwagon, giving these sites unrestricted access to their accounts. And if these suspicious sites can retrieve your password information and link it to your other social networking profiles, you just willingly gave out full-access to your entire online identity by clicking “Accept.”</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Damon B</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-8982</link>
		<dc:creator>Damon B</dc:creator>
		<pubDate>Wed, 11 Aug 2010 12:06:12 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-8982</guid>
		<description><![CDATA[“Never use the same passwords that you use at work on a social networking site.”

I found this quite apt seeing that it’s the top of the list. After doing a survey on the security practices of one of our client’s employees, we’ve discovered that 9 out of 10 of them use the same passwords for their work, their e-mail and their social networking sites. It’s identity theft waiting to happen, and though it was only one company we looked at, we wouldn’t be surprised if this was a trend in a lot of other corporations.]]></description>
		<content:encoded><![CDATA[<p>“Never use the same passwords that you use at work on a social networking site.”</p>
<p>I found this quite apt seeing that it’s the top of the list. After doing a survey on the security practices of one of our client’s employees, we’ve discovered that 9 out of 10 of them use the same passwords for their work, their e-mail and their social networking sites. It’s identity theft waiting to happen, and though it was only one company we looked at, we wouldn’t be surprised if this was a trend in a lot of other corporations.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Emmanuel Carabott</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-8513</link>
		<dc:creator>Emmanuel Carabott</dc:creator>
		<pubDate>Fri, 30 Jul 2010 10:33:13 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-8513</guid>
		<description><![CDATA[I completely agree with Karrie; it is essential to be careful with what one installs on social networking sites as well. There are reports of malware installing trojans on your computer through Facebook.

@Carmel

There are ways to ensure these security checks aren&#039;t circumvented, obviously you can never be sure it will be 100% effective but it can get quite close. It always depends on your setup and what you want to allow and deny. Generally having one Internet gateway and controlling access through that works best. If you want maximum security you could use a white list approach allowing the firewall at the gateway to only allow access on port 80 and only to those sites you want to allow. Additionally another option is to monitor what people visit and when somebody circumvents the technology he can still be disciplined for breaking the policy. Employees need to learn that the block is there to enforce the policy and going around it does not make the action right, it makes things worse.]]></description>
		<content:encoded><![CDATA[<p>I completely agree with Karrie; it is essential to be careful with what one installs on social networking sites as well. There are reports of malware installing trojans on your computer through Facebook.</p>
<p>@Carmel</p>
<p>There are ways to ensure these security checks aren&#8217;t circumvented, obviously you can never be sure it will be 100% effective but it can get quite close. It always depends on your setup and what you want to allow and deny. Generally having one Internet gateway and controlling access through that works best. If you want maximum security you could use a white list approach allowing the firewall at the gateway to only allow access on port 80 and only to those sites you want to allow. Additionally another option is to monitor what people visit and when somebody circumvents the technology he can still be disciplined for breaking the policy. Employees need to learn that the block is there to enforce the policy and going around it does not make the action right, it makes things worse.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Carmel Amelia</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-8480</link>
		<dc:creator>Carmel Amelia</dc:creator>
		<pubDate>Thu, 29 Jul 2010 19:53:56 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-8480</guid>
		<description><![CDATA[When you have resourceful (and smart) employees, it&#039;s almost impossible to deny them access to any site. Our IT person at work tried to block all access to restricted sites (social networking sites included) but someone always finds a way to work around it and the next week, everyone is able to (secretly) access Facebook and Twitter again.

Is there a fool-proof way to deny access to specific sites?]]></description>
		<content:encoded><![CDATA[<p>When you have resourceful (and smart) employees, it&#8217;s almost impossible to deny them access to any site. Our IT person at work tried to block all access to restricted sites (social networking sites included) but someone always finds a way to work around it and the next week, everyone is able to (secretly) access Facebook and Twitter again.</p>
<p>Is there a fool-proof way to deny access to specific sites?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Karrie Albert</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-8479</link>
		<dc:creator>Karrie Albert</dc:creator>
		<pubDate>Thu, 29 Jul 2010 19:49:39 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-8479</guid>
		<description><![CDATA[Another suggestion: 

Don&#039;t install applications such as those that claim to make you find out who&#039;s checking your profile as Facebook doesn&#039;t support that feature and will not allow a 3rd party app to do so. It might just pose a risk to your system. Next thing you know, your account &quot;posts&quot; status updates that you did not create.

Facebook is becoming a hacker heaven. If you use such social sites, steps should be taken to ensure your system and even your identity is protected.]]></description>
		<content:encoded><![CDATA[<p>Another suggestion: </p>
<p>Don&#8217;t install applications such as those that claim to make you find out who&#8217;s checking your profile as Facebook doesn&#8217;t support that feature and will not allow a 3rd party app to do so. It might just pose a risk to your system. Next thing you know, your account &#8220;posts&#8221; status updates that you did not create.</p>
<p>Facebook is becoming a hacker heaven. If you use such social sites, steps should be taken to ensure your system and even your identity is protected.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Sue Walsh</title>
		<link>http://www.gfi.com/blog/top-10-security-precautions-social-networking-sites/comment-page-1/#comment-8434</link>
		<dc:creator>Sue Walsh</dc:creator>
		<pubDate>Thu, 29 Jul 2010 05:44:06 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=2542#comment-8434</guid>
		<description><![CDATA[In light of the recent news that over 100 million Facebook profiles are now available for download on BitTorrent, I&#039;d like to add never ever have your profile set to public. Lock it down so that only your friends can see your info.

I also advise thinking carefully before adding your boss to your friends list. The net is full of stories about people who added their boss to their friends list, forgot, and got busted (and in some cases fired!) when they posted a status bashing their workplace!]]></description>
		<content:encoded><![CDATA[<p>In light of the recent news that over 100 million Facebook profiles are now available for download on BitTorrent, I&#8217;d like to add never ever have your profile set to public. Lock it down so that only your friends can see your info.</p>
<p>I also advise thinking carefully before adding your boss to your friends list. The net is full of stories about people who added their boss to their friends list, forgot, and got busted (and in some cases fired!) when they posted a status bashing their workplace!</p>
]]></content:encoded>
	</item>
</channel>
</rss>
